Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Organization level 'uplinksLossAndLatency' endpoint returning TLS error information in its response

ag_scilo
Here to help
3 weeks ago
3 weeks ago

Organization level 'uplinksLossAndLatency' endpoint returning TLS error information in its response

https://api.meraki.com/api/v1/organizations/15*****565/devices/uplinksLossAndLatency . One of our customers is trying to get performance data from this endpoint and getting errors like these in the responses.

We are looking for networkIDs and we are getting this

"networkId":"* TLSv1.3 (IN), TLS app data, [no content] (0):L_8134*********!234"
{"ts":"20* TLSv1.3 (IN), TLS app data, [no content] (0):

This is failing our collections . Question is if such data is expected in responses or Is it pointing out issues with the devices in play?

What would be a resolution for such errors ? Do we regex for expected data within responses or instruct the customers to verify the devices for TLS issues? 

 

0 Kudos
Subscribe
6 Replies 6
RaphaelL
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Noticed a similar behavior on other endpoints today.

 

Btw general notice , never post sensible info such as : MAC , IPs , location , serial number and network ids.

Subscribe
In response to RaphaelL
ag_scilo
Here to help
3 weeks ago
3 weeks ago

Thanks . I edited my post. Any major changes or features got in recently ?

0 Kudos
Subscribe
In response to ag_scilo
sungod
Head in the Cloud
3 weeks ago
3 weeks ago

I'd just assume it's a transient failure, API endpoints are not 100% reliable/available.

You can always open a support case, always do this if a problem persists.

 

0 Kudos
Subscribe
In response to RaphaelL
JasonM
Meraki Employee
Meraki Employee
3 weeks ago
3 weeks ago

To add to what @RaphaelL mentioned regarding sensitive information, I'd include the Organization ID to that as well.

0 Kudos
Subscribe
In response to JasonM
ag_scilo
Here to help
3 weeks ago
3 weeks ago

Thanks. Is this behavior due to the discontinuation of support for certain TLS versions on devices, which means fixing the versions on those devices ? Or just a transient failure that could be ignored ?

0 Kudos
Subscribe
In response to ag_scilo
JasonM
Meraki Employee
Meraki Employee
3 weeks ago
3 weeks ago

I don't believe this to be due to TLS version compatibility as the TLS handshake wouldn't complete and thus wouldn't have an expectation any payload, partial or otherwise, would be delivered from the server. This can be easily verified in a Wireshark packet capture. Image attached illustrates this where the client sends an API request with TLSv1.1 and the server responds with a descriptive error followed by the termination of the TCP session.

Screenshot.png

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.